Privacy Policy

Privacy Policy

Personal Data Protection Notice (Privacy Policy)

Controller: AVEMTO
Data protection contact: info@avemto.com
Registered address: Calle Baleares 4, 38670 Costa Adeje, Spain

As the data controller, AVEMTO attaches great importance to the security and confidentiality of personal data. Below we explain what data we process, for what purposes, on what legal bases, and what rights you have.

I. Scope of protection

The subject of protection is personal data, i.e., any information that identifies or can identify a natural person, such as name, address, email address, phone number, online identifiers, and transaction data.

II. When and for what purposes we collect data

Using our website and apps generally does not require providing data. Providing data may be necessary to use specific features (e.g., registration, booking, payment). Sharing data is voluntary, but without it some services may not be available. Please note that Internet transmissions entail risks—despite safeguards, complete protection against unauthorized access cannot be guaranteed.

We process data only insofar as necessary for:

  1. Account creation and contract conclusion/performance

    • registration data (e.g., name, email, phone, address),

    • transaction and billing data,

    • information related to account activity (e.g., booking history),

    • content shared via reviews, messages, chat, or forms.

  2. Communicating with you
    Data supplied in correspondence (email, form, post) is used to respond and handle the matter at hand.

  3. Marketing (e.g., newsletter—only with your consent)
    You may withdraw consent at any time by contacting info@avemto.com or via the unsubscribe instructions in the message. You may also object to direct marketing.

  4. Payments
    Payments are processed by independent payment providers that comply with security standards (e.g., PCI DSS). Data required to process payments is received by the provider and is not fully accessible to us unless you separately share it with us (e.g., for customer support).

  5. Sharing anonymized/aggregated information
    We may analyze data statistically in a way that does not permit identification of individuals.

III. Usage data (necessary to use the service)

When you visit the service, we process essential technical data: IP address, timestamps, session information, login data (if applicable), device/browser details. This is used to ensure service operation, security, and basic personalization. We delete or anonymize such data once it is no longer needed and there is no basis to retain it.

IV. Apps and mobile devices

When using mobile apps or the mobile version of the site, we may process device data (e.g., OS, settings) and—with your consentlocation data to deliver location-based services (e.g., offer matching). You can disable location services in your device settings. Any additional consents will be requested in the app.

V. Data from other sources

Within the limits of the law, we may supplement our records with data from third parties (e.g., payment verification or demographic data) to prevent fraud, tailor offers, or comply with legal obligations.

VI. Cookies and similar technologies

We use cookies and similar technologies (e.g., local storage, tags) to:

  • ensure operation and security of the service (strictly necessary cookies),

  • remember settings (functional cookies),

  • measure and analyze traffic and performance (analytics cookies),

  • conduct marketing and measure campaign effectiveness (advertising cookies),

  • support social media integrations.

You can manage cookies in your browser settings (including deleting or blocking). Blocking some cookies may limit functionality. Some embedded content from partners may set their own cookies—use is governed by those partners’ privacy policies.

VII. Analytics and online advertising

For statistics, improvement, and marketing, we may use analytics and advertising tools that rely on online identifiers. This helps tailor content and measure effectiveness. For online advertising, you can use opt-out mechanisms offered by industry organizations or tool providers, as described in their privacy policies.

VIII. Legal bases for processing (GDPR)

Depending on the situation, we rely on:

  • Art. 6(1)(a) GDPR – consent (e.g., newsletter, location, certain cookies),

  • Art. 6(1)(b) GDPR – performance of a contract or pre-contractual steps (registration, booking, payment, support),

  • Art. 6(1)(c) GDPR – legal obligation (e.g., accounting, complaints),

  • Art. 6(1)(f) GDPR – legitimate interests (security, necessary analytics, fraud prevention, establishment or defense of claims).

IX. Social media

Our service may include links/buttons to social media platforms operated by third parties. Data is transmitted to those platforms only after your activation (e.g., click). Processing is governed by those platforms’ policies.

X. Data sharing

We share data only when lawful and necessary:

  • with processors acting on our behalf (e.g., IT providers, payment processors, analytics tools) under data processing agreements and with safeguards,

  • with suppliers/service providers to fulfill your booking,

  • with public authorities—only where required by law.

We do not sell your data.

XI. Transfers outside the EEA

Where needed to perform a service (e.g., bookings outside the EU) or for our legitimate purposes, data may be transferred to third countries. In such cases we ensure appropriate safeguards (e.g., Standard Contractual Clauses) or rely on GDPR Art. 49 derogations (e.g., your explicit consent, necessity for contract performance). For details and a copy of safeguards, contact info@avemto.com.

XII. Retention period

We keep data only as long as necessary:

  • to perform the contract and operate the account/services,

  • to meet legal obligations (e.g., tax/accounting),

  • to establish, exercise, or defend legal claims (for the limitation period).

Once the basis ceases, data is deleted or anonymized.

XIII. Security

We apply appropriate technical and organizational measures (e.g., TLS/SSL encryption, access controls, data minimization, security testing). Persons handling data are bound by confidentiality and trained. We regularly review the effectiveness of safeguards.

XIV. Your rights (GDPR)

You have, among others, the rights to access, rectification, erasure, restriction, objection (including to direct marketing), data portability, and to withdraw consent (without affecting prior lawful processing). You also have the right to lodge a complaint with a supervisory authority.
We handle requests after verifying identity. Contact: info@avemto.com.

XV. Automated decisions

We do not make decisions producing legal effects concerning you solely on the basis of automated processing, including profiling, without your knowledge and a proper legal basis.

XVI. Privacy contact

For any privacy questions or requests, please write to: info@avemto.com
(Controller: AVEMTO, Calle Baleares 4, 38670 Costa Adeje, Spain)

XVII. Changes to this notice

We may update this notice to reflect changes in law, technology, or our processes. Updates are published on the service; the effective date appears in the header/footer of the version. Continued use after publication signifies you have read the updated content.